Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

pyinstaller/PyInstaller/bootloader/Windows-32bit/runw.exe - Virustotal rating 11/60 #2501

Closed
AndrewUshakov opened this issue Mar 13, 2017 · 5 comments
Closed

pyinstaller/PyInstaller/bootloader/Windows-32bit/runw.exe - Virustotal rating 11/60 #2501

AndrewUshakov opened this issue Mar 13, 2017 · 5 comments
Labels
solution:invalid

Comments

@AndrewUshakov
Copy link

AndrewUshakov commented Mar 13, 2017
edited

I was informed by our corporate IT, that:

Our bit9 database has detected a file runw.exe as malicious on the server - XXX\XXXXX
File path:: x:\xxxxxxx\xxxxxxxxxxx\my documents\pyinstaller\pyinstaller\bootloader\windows-32bit\
Please delete this file as soon as possible.

I checked this file using virusltotal.com and result is 10/60 which is rather big:

Antivirus Result Update
AegisLab Troj.Gen!c 20170313
Antiy-AVL Trojan[Dropper]/Win32.Sysn 20170313
Jiangmin Trojan.Agent.asnd 20170313
K7AntiVirus Trojan ( 00506e781 ) 20170313
K7GW Trojan ( 00506e781 ) 20170313
NANO-Antivirus Trojan.Win32.Agent.elyxeb 20170313
Palo Alto Networks (Known Signatures) Virus/Win32.WGeneric.lldkv 20170313
Rising Malware.Generic.5!tfe (cloud:4VPvg98eQbI) 20170313
TheHacker Trojan/Agent.am 20170311
Zillya Dropper.Sysn.Win32.5954 20170310

I understand, that this is a 'false-positive', but I sure that it is very desirable to have absolutely clean rating 0/70.

Thank you in advance.
@ghost
Copy link

ghost commented Mar 13, 2017

I ran into this problem a while ago but MS appears to have fixed it for windows defender. I don't know what the answer is; the code is open source for everyone to see. If you have any suggestions, please let us know. Otherwise, nothing is likely to happen.

@ghost
Copy link

ghost commented Mar 13, 2017

I looked on carbon's web site and was unable to find a contact link that I could use. My suggestion is that since you are a paying customer, you can contact them about this false positive.

@AndrewUshakov
Copy link
Author

Thank you. I already asked our corporate IT to send this file with information where it is possible to find its source code to "our" anitivirus company,

@htgoebel
Copy link
Member

Please contact you anti-virus vendor. There is nothing we can do about this false positive.

If your anti-virus vendor considers one of the files included in the PyInstaller distribution or a file generated by PyInstaller to be malicious, there is nothing we can do about this. Even if we'd change our code, they'd change their pattern and the race starts again.

See this mailing-list thread and other tickets for his topic.

@sheebz
Copy link

sheebz commented Jan 26, 2018

Seeing this again.
https://www.virustotal.com/#/file/f94140a95bb613c79e66e01b430acd2eab8c27af4e3a9b280b061b916f79cf81/detection

@pyinstaller pyinstaller locked as resolved and limited conversation to collaborators Jan 27, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
solution:invalid
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@sheebz @htgoebel @AndrewUshakov